Tag Archives: security

Last week, GDELT was suspended and three researchers left the project. This huge data set on media reports (not only) about conflicts got a lot of buzz (here and elsewhere). Now it seems that several parties are arguing about whether or not the underlying data was properly licensed. You can find some of the speculations in this thread on “Political Science Rumors”, page 3 and following.

Kalev Leetaru, the designer of the data set, now seems to have set up a new website and promises that everything will be fine:

While this whole situation would have been easily avoided with just a little communication and avoided a lot of unnecessary angst, the silver lining is that it has demonstrated just how widely-used and important GDELT has really become over the past year and we are tremendously excited to work with all of you in 2014 to really explore the future of “big data” study of human society.

Few noticed several years ago that France conducted the EU operation in Chad almost entirely on its own, and the same for the UN operation in the Ivory Coast (both were largely ignored in Washington). There was an unsuccessful raid of al-Shabbab conducted in Somalia in early 2013, but France intervened in the highly unstable Central African Republic at the end of 2013. In-between France demonstrated particular skill in conducting its Mali intervention, which has been heralded as a successful demonstration of an alternative way to intervene compared to the experience of U.S.-led allies in Iraq and Afghanistan.

The French operation was impressive at the outset in that it took only three months to go from a decision in Paris to achieve operational boots on the ground. French military sustainability was amply demonstrated, with its contingency force growing to 5000 deployed troops midway through the intervention (only 7 troop fatalities occurred). The French with Chadian support accomplished their military objectives with relative ease in harsh field conditions, beyond the gaze of any reporters and therefore less likely that France would suffer diplomatically from any images of its troops killing Islamic fighters (a brigade has remained in Mali after the successful election of a new president). All of this was accomplished with broad and deep support across elite and public opinion.

Still, I think Tim Hartford and Alex Tabarrok miss a couple of important points in the casual way they deal with inequality. (See the comment section at Marginal Revolution for a discussion on how phrasing matters.)

Again, from a moderate perspective, the point here is not ‘expropriate them all‘. But we need to ensure that everyone has a decent income and improve taxation in order to mitigate capitalism’s tendencies to reward capital more than labor. The Economist has a short discussion of Thomas Piketty’s new book on the issue. More here. I have a feeling there will be many heated discussions over the year.

every two weeks the CGP posts a question related to an important topic in current affairs – and presents short but profound comments from distinguished International Relations experts and practitioners from all over the world

Speaking of new blogs: Dan Nexon, of Duck of Minerva fame, now runs a personal blog called Hylaean Flow. Much of it will probably deal with insights from his role as editor for ISQ and the publishing process in general (via the Duck, where they also posted the new Game of Thrones trailer, just in case you missed it)

—

Tyler Cowen presents opinions from different people on “Which countries will have the next financial crisis?” If you’re a citizen, resident or investor in one of the following, now might be the time to worry: Denmark, Sweden or Norway (high private household debt), Singapore (a lot of loans), Malaysia or the Philippines (economic bubble), Ukraine (although Russia helped), Canada (real estate bubble), Thailand, Turkey, Greece, India or Indonesia (Tyler’s picks).

One key question is the relative worry weights you assign to private debt vs. bad institutions.

What about the rest of the world? The eurozone is seeing ongoing credit contraction and perhaps deflation too. Japan just announced a surprisingly large and apparently persistent current account deficit. And the United States? Things look pretty good, but in fact by the standards of historical timing we are soon due for another recession.

Happy New Year everyone! We’re back from our winter break. (Actually, some members of the IR Blog editorial board are still enjoying their time off, but I guess they will return to their desks eventually.)

—

At the 2013 Chaos Communication Congress in Hamburg, Jacob Applebaum gave a talk that summarized what is known about the NSA’s “Tailored Access Operations” unit. You can watch the video above. Basically, “tailored access” means that these are high-tech “hackers” that acquire intelligence on high-profile targets. Their arsenal includes tiny wireless chips inserted into hardware that is intercepted on the way to customers (!) as well as a special kind of bug that can be accessed by radar waves. Given that the information is from 2009, they probably have even more sophisticated tools now.

In the Guardian, Matt Blaze makes a very important point: “The NSA’s Tailored Access Operations show there’s a way to be safe and get good intelligence without mass surveillance”. The crucial difference is that between (A) civil-rights-abusing mass surveillance (as currently discussed, again, in the German cabinet) and (B) targeted surveillance of people that were chosen based on meaningful criteria. As Blaze puts it:

TAO is retail rather than wholesale.

That is, as well as TAO works (and it appears to work quite well indeed), they can’t deploy it against all of us – or even most of us. They must be installed on each individual target’s own equipment, sometimes remotely but sometimes through “supply chain interdiction” or “black bag jobs”. By their nature, targeted exploits must be used selectively. Of course, “selectively” at the scale of NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us – and the systems we rely on – alone.

In other words: I’m far more comfortable with the idea that U.S. operatives secretly plant a bug in some suspected terrorist’s computer in Berlin than with the fact that all kinds of “metadata” on German (and other) citizens are being collected non-stop.

Putting a stop to individual-level surveillance seems implausible to me, and also impossible seeing that U.S. legislators would have to decide to shut down pretty much all of what intellifence agencies are about. But is it really that far-fetched (or naive) to hope for some consensus in favor of civil rights? Even if you don’t care about somewhat lofty and abstract pro-privacy arguments, U.S. and European business is being hurt by the NSA’s horrible reputation, and then there’s always the risk that backdoors may be used by more than one party…

Small anniversary: Link post #25. By the way, do you find these useful?

—

On cyber attacks, I would like to recommend three pieces that might not be for everyone, but are interesting to get a more technical understanding of what is going:

Ralph Langner has written a fascinating account of “Stuxnet”. It turns out that the U.S./Israeli (?) attack on Iranian nuclear centrifuges consisted not of one, but two separate types of computer virus, with trade-offs between effectiveness, predictability and stealth. The newer version used a less sophisticated way to damage centrifuges, but a much more sophisticated way to gain access in the first place and then spread across systems.

Jim Cowie discusses a different form of attack, in which internet traffic is redirected to get access to sensitive information. Fascinating for laypeople: Since we’re talking about milliseconds, “[t]he recipient, perhaps sitting at home in a pleasant Virginia suburb drinking his morning coffee, has no idea that someone in Minsk has the ability to watch him surf the web”. (But keep in mind that this comes form a private IT security company and is phrased to maximize PR effects.)

—

Two items on free trade negotiations:

First, Philip Murphy, the former U.S. Ambassador to Germany, is very confident that President Obama will manage to get approval from Congress for the Transatlantic Trade and Investment Partnership TTIP (via AICGS / Tobias Bunde).

The U.S. and Japan are relatively isolated in their negotiating positions.

There appears to be a strong negotiating network between Singapore, Chile, Malaysia and New Zealand.

Canada is up to something!

Some commentators pointed out that he might be neglecting an alternative explanation: that the U.S. and Japan are simply happy with the current document, as they have had a bigger say in creating the draft.

Irrespective of the arguments about causality, Michael’s blog post is a great example of what can be done with leaked documents and visualization! (via The Monkey Cage, where you can find more comments).

The Campaign to Stop Killer Robots secured an important victory last week when delegates of States Parties to the Convention on Certain Conventional Weapons (CCW) voted unanimously to take up the issue (…).

(…)

While this is an important and promising moment, the shape and trajectory of norm-building efforts will depend a great deal on the tenor and outcome of next May’s CCW meeting. And one thing is sure: if that meeting results in weaker norms that hoped for my human security advocates, NGOs may simply take their cause elsewhere.

In my view, all these arguments have some merit but the most important thing to focus on is the issue of extrajudicial killing, rather than the means used to do it, for two reasons. First, if the US ended its targeted killings policy this would effectively stop the use of weaponized drones in the war on terror, whereas the opposite is not the case; and it would effectively remove the CIA from involvement with drones. It would thus limit weaponized drones to use in regular armed conflicts that might arise in the future, and only at the hands of trained military personnel. If Holewinski and Lewis are right, this will drastically reduce civilian casualties from drones.

—

I’d like to recommend a couple of links on attempts to forecast political events. First, the always excellent Jay Ulfelder has put together some links on prediction markets, including a long story in the Pacific Standard on the now defunct platform Intrade. Ulfelder also comments on “why it is important to quantify our beliefs”.

Second (also via Ulfelder), I highly recommend the Predictive Heuristics blog, which is run by the Ward Lab at Duke University. Their most recent post covers a dataset on political conflict called ICEWS and its use in the Good Judgment Project, a forecasting tournament that I have covered here on the blog as well. (#4 of my series should follow soon-ish.)

Of course, economists are experts at decision-making under uncertainty, so we are uniquely well-placed to handle this. However, there is a roadblock that has been thrown up that makes that task a bit harder – the REF guidelines insist that the panel cannot make use of journal impact factors or any hierarchy of journals as part of the assessment process. It seems perplexing that any information should be ignored in this process, especially when it seems so pertinent. Here I will argue that journal quality is important and should be used, but only in combination with other relevant data. Since we teach our own students a particular method (courtesy of the Reverend Thomas Bayes) for making such decisions, why not practise what we preach?

This resonates with earlier debates here and elsewhere on how to assess academic work. There’s a slippery slope if you rely on publications: in the end, are you just going to count the number of peer-reviewed articles in a CV without ever reading any of them? However, Sgroi is probably right to point out that it’s absurd to disregard entirely the most important mechanism of quality control this profession has to offer, despite all its flaws.

—

Next week, the Körber-Stiftung will hold the 3rd Berlin Foreign Policy Forum. One of the panels deals with transatlantic relations. I’m wonder if any interesting news on the spying scandal will pop up in time. Meanwhile, this talk by Dan Geer on “tradeoffs in cyber security” illustrates the self-reinforcing logic of surveillance (via Bruce Schneier):

Unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data.

Our model drew on previous election outcomes, characteristics of the government and of voters and, most originally, the relative economic performance of Germany in comparison to the two other most important economies in Europe (…). Our model fared at least as well as traditional polling, making us optimistic about the future of forecasting elections in general and forecasting German elections in particular.

O’Bagy’s academic credentials were crucial to her status as an ‘expert.’ When these credentials exploded, so did her career. Zu Guttenberg’s value rests not on his purported academic training, but on his past political role and current political connections.

Jay Ulfelder argues that we live in a time of systemic instability, which is only inadequately captured by observers that stick to a perspective where “countries are a bit like petri dishes lined up on a laboratory countertop”. So we ought to think harder about connecting the dots between state failures, increasing piracy, the financial crisis, food prices, and long-time cycles of social unrest (which look slightly esoteric to me)…

56 (80%) of the 70 teaspoons disappeared during the study. (…) The half life of teaspoons in communal tearooms (42 days) was significantly shorter than for those in rooms associated with particular research groups (77 days). The rate of loss was not influenced by the teaspoons’ value. (…) At this rate, an estimated 250 teaspoons would need to be purchased annually to maintain a practical institute-wide population of 70 teaspoons. (…) The loss of workplace teaspoons was rapid, showing that their availability, and hence office culture in general, is constantly threatened.

A few days earlier, on September 14, the Syrian government has officially requested to join the Chemical Weapons Convention (CWC). This is a reaction to the U.S. threat to launch an attack, paired with new diplomatic efforts by Russia (and others?). The UN has received all necessary documents now and the accession will be effective in mid-October.

In addition, it looks like the UN Security Council – after months of paralysis and a grand total of one single press release mentioning Syria in 2013 – might actually pass a resolution soon. So Russia and the U.S. seem to have agreed on … something. To me, it is not entirely clear what to expect – but it seems to be focused on taking CW out of the picture.

The fact that we use mathematical equations to generate our forecasts and we can quantify our uncertainty doesn’t always mean that our forecasts are more accurate or more precise than what pundits offer, and it’s incumbent on us to convey those limitations. It’s easy to model things. It’s hard to model them well, and sometimes hard to spot the difference.

It is difficult to predict which way the current conflict in Syria will end up, as even some sort of stalemate could be the result. But if opposition forces were ultimately successful in defeating Assad’s forces then it would be difficult for Western governments to ignore their shared security interests in the assurance of post-conflict stability in Syria.

Instead of lamenting the state of the German twitter- and blogosphere, let’s try and improve networking! So far, I had completely overlooked the blog “Junge UN Forschung”, written by members of the German junior researcher’s working group for UN studies (h/t Christian Kreuder-Sonnen).

In February, the American cyber security company Mandiant released a report “exposing one of China’s cyber espionage units” (PDF here). A large chunk of it boils down to three findings: The attacks on US infrastructures originated in China, they were orchestrated by a large and resourceful group, and Mandiant has studied that group to the extent where they can tell individual members apart.

Finally the authors point out that the activities of this “Advanced Persistent Threat #1” (APT1) have been tracked to a certain location in Shanghai, which also happens to host the headquarters of a Chinese military unit (PLA Unit 61398) dealing with cyber security. So Mandiant claims to be able to trace breaches into private U.S. security systems back to a unit of the People’s Liberation Army.